
Re: HOWTO CentOS nasty login security bug fix

  • thad_floryan
    Message 1 of 4, Mar 30, 2012
      --- In linux@yahoogroups.com, "thad_floryan" <thad@...> wrote:
      > --- In linux@yahoogroups.com, Scott <scottro@> wrote:
      > > On Fri, Mar 30, 2012 at 07:20:42PM -0000, thad_floryan wrote:
      > > > Though I'm overall extremely pleased with CentOS 6.2, there's a dumb
      > > > login security bug for which there's a simple fix.
      > > >
      > > > Long story short: the login screen presents a pick'n'choose list of
      > > > valid user names for the system.
      > > > [...]
      > > > Do RHEL logins work that way also?
      > >
      > > Yup, if it's in CentOS it's in RHEL.
      > Which implies also Oracle Linux and Scientific Linux which are both
      > based on RHEL.
      > [...]

      Heh, I see you, Scott, commented on this previously:


      The final answer from Red Hat (Mike Grima):

      " There is a problem with the proposed gconf configuration command
      " that supposedly fixes the problem: it kills smart card login
      " support.
      " Increasingly, many secure environments are using smart cards to
      " control access to their systems, and thus, this command is not a
      " proper workaround to this problem.
      " I am currently in the process of submitting a support ticket for
      " this to be resolved, because this is very serious. Displaying
      " all available user accounts on the system is a major security
      " problem that is unacceptable for an enterprise class OS, such as
      " RHEL.
      " This is a major regression from RHEL 5 which did not present a
      " user list, and also allowed for proper smart card login support.
      " This problem should, at the very least, be addressed in RHEL 6.3
      " or 6.4.

      Foo on the smartcards. The gconf solution fixes the problem TODAY,
      not 2-3 years from now.

      Is everyone at Red Hat that dense?
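The gconf workaround the thread argues about is not reproduced on the page. The script below is an added example (not from the thread, and not Red Hat's or CentOS's own code) showing the GDM 2.x setting that hides the user list on a RHEL/CentOS 6 login screen, with an audit step so an administrator can tell whether it is already in force. It assumes GDM's simple-greeter with the gconf key /apps/gdm/simple-greeter/disable_user_list, that gconftool-2 is installed, that the mandatory configuration source is /etc/gconf/gconf.xml.mandatory, and that its %gconf-tree.xml file stores keys as `<entry name="..." type="bool" value="..."/>` elements (the offline audit's grep depends on that layout). Because the Red Hat reply quoted above says this setting breaks smart card login on RHEL 6, the script only reports what it would change unless it is run as root with the argument `apply`.

```shell
#!/bin/sh
# Added example, not code from the thread or from Red Hat: hide the user list on the
# GDM 2.x (simple-greeter) login screen of RHEL/CentOS 6 by setting the gconf key in
# the mandatory source, and audit whether it is set. Assumptions: gconftool-2 is
# installed, the mandatory source lives at /etc/gconf/gconf.xml.mandatory, and its
# %gconf-tree.xml stores keys as <entry name="..." type="bool" value="..."/> elements.
# Caveat from the thread: on RHEL 6 this setting also breaks smart card login, so the
# script only reports unless run as root with the argument "apply".

GCONF_MANDATORY_DIR="/etc/gconf/gconf.xml.mandatory"
GCONF_MANDATORY_SRC="xml:readwrite:$GCONF_MANDATORY_DIR"
GDM_KEY="/apps/gdm/simple-greeter/disable_user_list"

# The remediation command, returned as text so it can be reviewed or logged before use.
gdm_disable_userlist_cmd() {
    printf '%s' "gconftool-2 --direct --config-source=$GCONF_MANDATORY_SRC --type bool --set $GDM_KEY true"
}

# Interpret the output of `gconftool-2 --get $GDM_KEY`: only the literal "true" hides the list.
userlist_hidden() {
    case "$1" in
        true) return 0 ;;
        *)    return 1 ;;
    esac
}

# Offline audit of a gconf tree file: succeeds only if disable_user_list is stored as true.
# Relies on the assumed <entry .../> layout; a missing or unreadable file counts as "not set".
audit_gconf_tree() {
    [ -r "$1" ] || return 1
    grep -q 'name="disable_user_list"[^>]*value="true"' "$1"
}

# Live check with gconftool-2, reading the mandatory source directly (no D-Bus session needed).
userlist_hidden_live() {
    val=$(gconftool-2 --direct --config-source="$GCONF_MANDATORY_SRC" --get "$GDM_KEY" 2>/dev/null)
    userlist_hidden "$val"
}

mode="${1:-check}"
if command -v gconftool-2 >/dev/null 2>&1; then
    if userlist_hidden_live; then
        echo "GDM user list already hidden ($GDM_KEY=true in mandatory source)"
    elif [ "$mode" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
        # Remediate, then re-read the key to confirm the change took effect.
        eval "$(gdm_disable_userlist_cmd)"
        userlist_hidden_live && echo "GDM user list now hidden; restart gdm to apply"
    else
        echo "GDM user list is shown. To hide it (breaks smart card login on RHEL 6), run as root:"
        echo "  $(gdm_disable_userlist_cmd)"
    fi
else
    echo "gconftool-2 not found; offline audit: audit_gconf_tree $GCONF_MANDATORY_DIR/%gconf-tree.xml"
fi
```

Run it with no arguments for a report, or as root with `apply` to set the key; `audit_gconf_tree` can also be pointed at a copy of %gconf-tree.xml pulled from a host for an offline configuration check.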